Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
O
O
ObehanProger2019-07-20 10:12:09
iptables
ObehanProger, 2019-07-20 10:12:09

Is there a conflict between the ACCEPT and DROP rules in iptables for two ipset lists?

There are two lists badips and goodips, and they have some of the same ip addresses. goodips is set to ACCEPT policy DROP, and badips is set to DROP policy ACCEPT. What will happen to the ip addresses that are in both lists, will they be blocked or allowed? All rules for incoming INPUT packets

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
H
hint000, 2019-07-20
@ObehanProger

There is no conflict. The result depends on the order in which you write the rules. If ACCEPT comes first, then ACCEPT will work and the rule where DROP will simply not reach. And vice versa, if DROP first, then it will work. This is a general principle for the filter table: the rules in the chain are iterated until one works. As soon as it worked, we no longer look at the rest in this chain.

Similar questions
V
Vadim Aliev2021-12-10 20:32:03
How to forward traffic from certain requests to a network interface? 1Reply
R
Robert2016-05-13 17:02:21
Iptables and redirect to internal server? 1Reply
T
Timur Gromov2016-05-24 11:12:45
How to redirect all outgoing vpn client requests to port 80 on localhost? 1Reply
V
Vindicar2022-01-08 14:48:11
Oracle Cloud: How to debug a firewall that cuts HTTPS? 1Reply
V
varchunnix2018-11-09 11:59:28
How to set up interfaces on the server, as well as iptables for a transparent proxy that is behind the router? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question